<?php
@require_once("bin/data.php");
@session_start();

if (isset($_REQUEST['u']))
{
	// trying to view a profile.
	$user = getUser(@$_SESSION['userid']);
	$countrylist = getCountryList($user['countryid']);


	$title="Profile";
	$link="";
	$header="";
	$footer="";
	$content= <<<EOF
	<div id="formentry">
	<h2>{$user['username']}'s Profile:</h2>
	<table width="100%" border="0">
	<tr>
		<td align="right">
			<span>Email:</span>
		</td>
		<td>
			<span>{$user['email']}</span>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>First name:</span>
		</td>
		<td>
			<span>{$user['first']}</span>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>Last name:</span>
		</td>
		<td>
			<span>{$user['last']}</span>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>Country:</span>
		</td>
		<td>
			<select disabled="true">{$countrylist}</select>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>About Me:</span>
		</td>
		<td>
			<span>{$user['description']}</span>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>My website:</span>
		</td>
		<td>
			<span>{$user['website']}</span>
		</td>
	</tr>
	</table>
	</div>
EOF;
}
else if (!isset($_COOKIE['userid'])||(strlen($_COOKIE['userid'])<1)||($_COOKIE['userid']=='-1'))
{
	// if session info is missing, switch to sign in page.
	header("Location:signin.php");
}
else
{
	$user = getUser(@$_SESSION['userid']);
	$countrylist = getCountryList($user['countryid']);


	$title="Profile";
	$link="";
	$header="";
	$footer="";
	$content= <<<EOF
	<div id="formentry">
	<h2>Profile:</h2>
	<form action="profile.php" method="post">
	<table width="100%" border="0">
	<tr>
		<td align="right">
			<span>Email:</span>
		</td>
		<td>
			<input type="text" name="e" id="e" value="{$user['email']}" />
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>Password:</span>
		</td>
		<td>
			<input type="submit" name="p" id="p" value="Change Password" />
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>First name:</span>
		</td>
		<td>
			<input type="text" name="f" id="f" value="{$user['first']}" />
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>Last name:</span>
		</td>
		<td>
			<input type="text" name="l" id="l" value="{$user['last']}" />
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>Country:</span>
		</td>
		<td>
			<select name="c" id="c">{$countrylist}</select>
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>About Me:</span>
		</td>
		<td>
			<input type="text" name="d" id="d" value="{$user['description']}" />
		</td>
	</tr>
	<tr>
		<td align="right">
			<span>My website:</span>
		</td>
		<td>
			<input type="text" name="w" id="w" value="{$user['website']}" />
		</td>
	</tr>
	<tr>
		<td></td>
		<td>
			<input type="submit" name="pu" id="pu" value="Update" />
		</td>
	</tr>
	</table>
	</form>
	</div>
EOF;
}

if (isset($_REQUEST['pu']))
{
	global $tblusers;
	
	$email = mysql_real_escape_string($_REQUEST['e']);
	$first = mysql_real_escape_string($_REQUEST['f']);
	$last = mysql_real_escape_string($_REQUEST['l']);
	$countryid = mysql_real_escape_string($_REQUEST['c']);
	$desc = mysql_real_escape_string($_REQUEST['d']);
	$website = mysql_real_escape_string($_REQUEST['w']);
	$userid = $user['id'];
	
	$sql = "UPDATE `$tblusers` SET 
		email = '$email',
		first = '$first',
		last = '$last',
		countryid = '$countryid',
		description = '$desc',
		website = '$website'
	 where id = '$userid';";
	$result = mysql_query($sql) or die(mysql_error() );
	if ($result > 0)
	{
		header("Location:profile.php");
	}
}
include ("base.php");
echo $html;
?>
